Hello....I've been lurking around trying to pick up tidbits for Linux. I actually have RHEL 5---but need some help w/ a problem regarding the auditing. I used SECSCN to modify my audit.rules, following their instructions.
My auditd will not start. When I look at the messages, it tells me that permissions are denied. The permissions for my auditd.conf and audit.rules are rwx--r--r. When I go to services and try to stop---stop is successful. But when I try to start, start fails. My run levels are 1-5 on. What else am I missing? The auditd.conf is exactly the same as my auditd.conf for my CentOS 6.2 which is right next to the RHEL 5. It works fine. I'd appreciate either some help in the form of troubleshooting--or a link to the "right" forum for this question. Thank you, M. Sanders ISSO, SwRI 210-522-6862 -- SCAP Security Guide mailing list scap-security-guide@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide https://github.com/OpenSCAP/scap-security-guide/
